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NO.l You have an Azure subscription that contains 10 virtual machines. You need to ensure that you 
receive an email message when any virtual machines are powered off, restarted, or deallocated. 
What is the minimum number of rules and action groups that you require? 

A. three rules and three action groups 

B. one rule and one action group 

C. three rules and one action group 

D. one rule and three action groups 
Answer: C 

Explanation: 

An action group is a collection of notification preferences defined by the user. 

Azure M onitor and Service Health alerts are configured to use a specific action group when the alert 
is triggered. 

Various alerts may use the same action group or different action groups depending on the user's 
requirements. 

References: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action- 
groups 


NO.2 You have an Azure subscription that contains two resource groups named RG1 and RG2. RG2 
does not contain any resources. RG1 contains the resources in the following table. 


Name 

Type 

Description 

Lock 

VNetl 

Virtual 

network 

A virtual network 

Readonly 

VNet3 

Virtual 

network 

A classic virtual network 

None 

W1Q 

Virtual 

machine 

A virtual machine that runs 
Windows 10 and is stopped 
and attached only to VNetl 

Delete 

W10_OsDisk 

Disk 

A managed SSD disk that is 
attached to W10 

None 


Which resource can you move to RG2? 

A. W10_OsDisk 

B. VNetl 

C. VNet3 

D. W10 
Answer: B 
Explanation: 

When moving a virtual network, you must also move its dependent resources. For example, you must 
move gateways with the virtual network. VM W10, which is in Vnetl, is not a dependent resource. 
Incorrect Answers: 

A: M anaged disks don't support move. 

C: Virtual networks (classic) can't be moved. 

D: Virtual machines with the managed disks cannot be moved. 

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group- 
move-resourcesA/irtual-machines-limitations 
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NO.3 You have 100 Azure subscriptions. All the subscriptions are associated to the same Azure 
Active Directory (Azure AD) tenant named contoso.com. 

You are a global administrator. 

You plan to create a report that lists all the resources across all the subscriptions. You need to ensure 
that you can view all the resources in all the subscriptions. 

What should you do? 

A. From the Azure portal, modify the profile settings of your account. 

B. From Windows PowerShell, run the Add-AzureADAdministrativellnitM ember cmdlet. 

C. From Windows PowerShell, run the New-AzureADUserAppRoleAssignment cmdlet. 

D. From the Azure portal, modify the properties of the Azure AD tenant. 

Answer: C 

Explanation: 

The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure 
Active Directory (AD). Use it for the application report. 

References: https://docs.microsoft.com/en-us/powershell/module/azuread/new- 
azureaduserapproleassignment?view=azureadps-2.0 

N0.4 Note: This question is part of a series of questions that present the same scenario. Each 
question in the series contains a unique solution that might meet the stated goals. Some question 
sets might have more than one correct solution, while others might not have a correct solution. After 
you answer a question in this section, you will NOT be able to return to it. As a result, these questions 
will not appear in the review screen. 

You have an Azure subscription named Subscriptionl. Subscriptionl contains a resource group 
named RG1. RG1 contains resources that were deployed by using templates. You need to view the 
date and time when the resources were created in RG1. 

Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic 
deployment. 

Does this meet the goal? 

A. Yes 

B. No 

Answer: B 

NO.5 Note: This question is part of a series of questions that present the same scenario. Each 
question in the series contains a unique solution that might meet the stated goals. Some question 
sets might have more than one correct solution, while others might not have a correct solution. After 
you answer a question in this section, you will NOT be able to return to it. As a result, these questions 
will not appear in the review screen. 

You have an Azure subscription named Subscriptionl. Subscriptionl contains a resource group 
named RG1. RG1 contains resources that were deployed by using templates. You need to view the 
date and time when the resources were created in RG1. 

Solution: From the RG1 blade, you click Deployments. 

Does this meet the goal? 

A. Yes 

B. No 
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Answer: A 

NO.6 Note: This question is part of a series of questions that present the same scenario. Each 
question in the series contains a unique solution that might meet the stated goals. Some question 
sets might have more than one correct solution, while others might not have a correct solution. After 
you answer a question in this section, you will NOT be able to return to it. As a result, these questions 
will not appear in the review screen. 

You have an Azure subscription named Subscriptionl. Subscriptionl contains a resource group 
named RG1. RG1 contains resources that were deployed by using templates. You need to view the 
date and time when the resources were created in RG1. 

Solution: From the Subscriptions blade, you select the subscription, and then click Resource 
providers. 

Does this meet the goal? 

A. Yes 

B. No 

Answer: B 

NO.7 You have the Azure virtual machines shown in the following table. 


Hame 

Azure region 

VM1 

West Europe 

VM2 

West Europe 

VM3 

North Europe 

VM4 

North Europe 


You have a Recovery Services vault that protects VM 1 and VM 2. 

You need to protect VM 3 and VM 4 by using Recovery Services. 

What should you do first? 

A. Configure the extensions for VM 3 and VM 4. 

B. Create a new Recovery Services vault. 

C. Create a storage account. 

D. Create a new backup policy. 

Answer: B 

Explanation: 

A Recovery Services vault is a storage entity in Azure that houses data. 

The data is typically copies of data, or configuration information for virtual machines (VM s), 
workloads, servers, or workstations. 

You can use Recovery Services vaults to hold backup data for various Azure services 

References: https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable- 

replication 

N0.8 You have an Azure subscription that contains the resources in the following table. 


Name 

Type 

RG1 

Resource group 

Store 1 

Azure Storage account 

Syncl 

Azure File Sync 
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Storel contains a file share named Data. Data contains 5,000 files. 

You need to synchronize the files in Data to an on-premises server named Server! 

Which three actions should you perform? Each correct answer presents part of the solution. 

NOTE: Each correct selection is worth one point. 

A. Download an automation script. 

B. Create a container instance. 

C. Create a sync group. 

D. Register Server! 

E. Install the Azure File Sync agent on Server! 

Answer: CDE 

Explanation: 

Step 1 (E): Install the Azure File Sync agent on Serverl The Azure File Sync agent is a downloadable 
package that enables Windows Server to be synced with an Azure file share Step 2 (D): Register 
Serverl. 

Register Windows Server with Storage Sync Service 

Registering your Windows Server with a Storage Sync Service establishes a trust relationship between 
your server (or cluster) and the Storage Sync Service. Step 3 (C): 

Create a sync group and a cloud endpoint. 

A sync group defines the sync topology for a set of files. 

Endpoints within a sync group are kept in sync with each other. 

A sync group must contain one cloud endpoint, which represents an Azure file share and one or more 
server endpoints. 

A server endpoint represents a path on registered server. 

References: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment- 
guide 

N0.9 You plan to use the Azure Import/Export service to copy files to a storage account. 

Which two files should you create before you prepare the drives for the import job? Each correct 
answer presents part of the solution. 

NOTE: Each correct selection is worth one point. 

A. an XM L manifest file 

B. adriveset CSV file 

C. a dataset CSV file 

D. a PowerShell PS1 file 

E. aJSON configuration file 
Answer: BC 
Explanation: 

B: M odify the driveset.csv file in the root folder where the tool resides. 

C: M odify the dataset.csv file in the root folder where the tool resides. Depending on whether you 
want to import a file or folder or both, add entries in the dataset.csv file References: 
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-files 

NO.10 You have a Recovery Service vault that you use to test backups. The test backups contain two 
protected virtual machines. 

You need to delete the Recovery Services vault. 
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What should you do first? 

A. From the Recovery Service vault, stop the backup of each backup item. 

B. From the Recovery Service vault, delete the backup data. 

C. M odify the disaster recovery properties of each virtual machine. 

D. M odify the locks of each virtual machine. 

Answer: A 

Explanation: 

You can't delete a Recovery Services vault if it is registered to a server and holds backup data. If you 
try to delete a vault, but can't, the vault is still configured to receive backup data. 

Remove vault dependencies and delete vault 

In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. 

In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual 
machines. 
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References: https://docs.microsoft.com/en-us/azure/backup/backup-azure-delete-vault 
You can't delete a Recovery Services vault if it is registered to a server and holds backup data. 

If you try to delete a vault, but can't, the vault is still configured to receive backup data. 

Remove vault dependencies and delete vault 

In the vault dashboard menu, scroll down to the Protected Items section, and click Backup Items. 

In this menu, you can stop and delete Azure File Servers, SQL Servers in Azure VM, and Azure virtual 
machines. 


NO.11 You have an Azure subscription that contains 100 virtual machines. 

You regularly create and delete virtual machines. 

You need to identify unused disks that can be deleted. 

What should you do? 

A. From M icrosoft Azure Storage Explorer, view the Account M anagement properties. 

B. From the Azure portal, configure the Advisor recommendations. 

C. From Cloudyn, open the Optimizer tab and create a report. 

D. From Cloudyn, create a Cost M anagement report. 
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Answer: A 

NO.12 You have an Azure subscription named Subscription! 

You deploy a Linux virtual machine named VM1 to Subscriptionl. 

You need to monitor the metrics and the logs of VM 1. 

What should you use? 

A. LAD 3.0 

B. Azure Analysis Services 

C. the AzurePerformanceDiagnostics extension 

D. Azure HDInsight 

Answer: C 

Explanation: 

You can use extensions to configure diagnostics on your VM s to collect additional metric data. 

The basic host metrics are available, but to see more granular and VM -specific metrics, you need to 
install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional 
monitoring and diagnostics data to be retrieved from the VM. 

References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring 

NO.13 You have an Azure subscription named Subscriptionl. Subscriptionl contains a virtual 
machine named VM 1. 

You have a computer named Computerl that runs Windows 10. Computerl is connected to the 
Internet. 

You add a network interface named Interfacel to VM 1 as shown in the exhibit (Click the Exhibit 
button.) 
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IT Network Interface: ierfacel Topology © 

Virtual network/subnet: VMRD-vnet'default Public IP: IP2 Private IP: 10.0.0.6 
Accelerated networking: Disabled 


INBOUND PORT RULES O 


0 Network security group VM1 -nsg (attached to network 
interface: Interfacel) 

Impacts 0 subnets, 2 network interfaces 


Add inbound 


PRIORITY 

NAME 

PORT 

PROTOCOL 

SOURCE 

DESTINA... 

ACTION 

1000 

default-allow-... 

3389 

TCP 

Any 

Any 

© Allow ... 

65000 

AllowVnetlnBound 

Any 

Any 

VirtualN... 

VirtualN... 

© Allow ... 

65001 

AllowAzureLoadB... 

Any 

Any 

AzureLo... 

Any 

© Allow ... 

65500 

AllowAIIInBound 

Any 

Any 

Any 

Any 

Q Deny ... 

OUTBOUND PORT RULES O 






J Network security group VM1 -nsg (attached to network 


gpC Add outbound 

interface: Interfacel) 

Impacts 0 subnets, 2 network interfaces 






PRIORITY 

NAME 

PORT 

PROTOCOL 

SOURCE 

DESTINA... 

ACTION 

65000 

AllowVnetOutBo... 

Any 

Any 

VirtualN... 

VirtualN... 

© Allow ... 

65001 

AllowinternetOut... 

Any 

Any 

Any 

Internet 

O Allow ... 

65500 

DenyAIIOutBound 

Any 

Any 

Any 

Any 

©Deny ... 


From Computerl, you attempt to connect to VM 1 by using Remote Desktop, but the connection fails. 
You need to establish a Remote Desktop connection to VM 1. 

What should you do first? 

A. Start VM 1. 

B. Attach a network interface. 

C. Delete the DenyAIIOutBound outbound port rule. 

D. Delete the DenyAIIInBound inbound port rule. 

Answer: A 

Explanation: 

Incorrect Answers: 

B: The network interface has already been added to VM. 

C: The Outbound rules are fine. 

D: The inbound rules are fine. Port 3389 is used for Remote Desktop. Note: Rules are processed in 
priority order, with lower numbers processed before higher numbers, because lower numbers have 
higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with 
lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not 
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processed. 

References: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview 

NO.14 You plan to automate the deployment of a virtual machine scale set that uses the Windows 
Server 2016 Datacenter image. 

You need to ensure that when the scale set virtual machines are provisioned, they have web server 
components installed. 

Which two actions should you perform? Each correct answer presents part of the solution. 

NOTE Each correct selection is worth one point. 

A. M odify the extensionProfile section of the Azure Resource M anager template. 

B. Create a new virtual machine scale set in the Azure portal. 

C. Create an Azure policy. 

D. Create an automation account. 

E. Upload a configuration script. 

Answer: AB 

Explanation: 

Virtual M achine Scale Sets can be used with the Azure Desired State Configuration (DSC) extension 
handler. Virtual machine scale sets provide a way to deploy and manage large numbers of virtual 
machines, and can elastically scale in and out in response to load. DSC is used to configure the VM s as 
they come online so they are running the production software. 

References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine- 
scale-sets-dsc 

NO.15 You have an Azure subscription that contains a virtual machine named VM 1. VM 1 hosts a 
line-of- business application that is available 24 hours a day. 

VM 1 has one network interface and one managed disk. VM 1 uses the D4s v3 size. 

You plan to make the following changes to VM 1: 

Change the size to D8s v3. 

Add a 500-GB managed disk. 

Add the Puppet Agent extension. 

Attach an additional network interface. 

Which change will cause downtime for VM 1? 

A. Add a 500-GB managed disk. 

B. Attach an additional network interface. 

C. Add the Puppet Agent extension. 

D. Change the size to D8s v3. 

Answer: D 
Explanation: 

While resizing the VM it must be in a stopped state. 

References: https://azure.microsoft.com/en-us/blog/resize-virtual-machines/ 

NO.16 Note: This question is part of a series of questions that present the same scenario. Each 
question in the series contains a unique solution that might meet the stated goals. Some question 
sets might have more than one correct solution, while others might not have a correct solution. After 
you answer a question in this section, you will NOT be able to return to it. As a result, these questions 
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will not appear in the review screen. 

You have an Azure virtual machine named VM1. VM 1 was deployed by using a custom Azure 
Resource M anager template named ARM l.json. 

You receive a notification that VM 1 will be affected by maintenance. You need to move VM 1 to a 
different host immediately. 

Solution: From the Redeploy blade, you click Redeploy. 

Does this meet the goal? 

A. Yes 

B. No 

Answer: A 

Explanation: 

When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then 
powers it back on, retaining all your configuration options and associated resources. 

References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new- 
node 

NO.17 Note: This question is part of a series of questions that present the same scenario. Each 
question in the series contains a unique solution that might meet the stated goals. Some question 
sets might have more than one correct solution, while others might not have a correct solution. After 
you answer a question in this section, you will NOT be able to return to it. As a result, these questions 
will not appear in the review screen. 

You have an Azure virtual machine named VM 1. VM 1 was deployed by using a custom Azure 
Resource M anager template named ARM l.json. 

You receive a notification that VM 1 will be affected by maintenance. You need to move VM 1 to a 
different host immediately. 

Solution: From the Overview blade, you move the virtual machine to a different resource group. 

Does this meet the goal? 

A. Yes 

B. No 

Answer: B 

Explanation: 

You should redeploy the VM. 

References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new- 
node 

NO.18 You have an Azure subscription that contains the resources in the following table. 


Name 

Type 

ASG1 

Application security group 

NSG1 

Network security group (NSGj 

Subnetl 

Subnet 

VNetl 

Virtual network 

NIC1 

Network interface 

VM 1 

Virtual machine 


Subnetl is associated to VNetl. NIC1 attaches VM 1 to Subnet!. 
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You need to apply ASG1 to VM1. 

What should you do? 

A. Modify the properties of NSG1. 

B. Modify the properties of ASG1. 

C. Associate NIC1 to ASG1. 

Answer: B 
Explanation: 

When you deploy VM s, make them members of the appropriate ASGs. 

You associate the ASG with a subnet. 

References: https://azure.microsoft.com/en-us/blog/applicationsecuritygroups/ 

NO.19 You have two subscriptions named Subscriptionl and Subscription2. Each subscription is 
associated to a different Azure AD tenant. 

Subscriptionl contains a virtual network named VNetl.VNetl contains an Azure virtual machine 
named VM 1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network 
named VNet2. VNet2 contains an Azure virtual machine named VM 2 and has an IP address space of 
10.10.0.0/24. 

You need to connect VNetl to VNet2. 

What should you do first? 

A. M ove VNetl to Subscription2. 

B. M odify the IP address space of VNet2. 

C. Provision virtual network gateways. 

D. M ove VM 1 to Subscription2. 

Answer: C 

Explanation: 

The virtual networks can be in the same or different regions, and from the same or different 
subscriptions. When connecting VNets from different subscriptions, the subscriptions do not need to 
be associated with the same Active Directory tenant. 

Configuring a VNet-to-VNet connection is a good way to easily connect VNets. Connecting a virtual 
network to another virtual network using the VNet-to-VNet connection type (VNet2VNet) is similar to 
creating a Site-to-Site IPsec connection to an on-premises location. Both connectivity types use a VPN 
gateway to provide a secure tunnel using IPsec/IKE, and both function the same way when 
communicating. 

The local network gateway for each VNet treats the other VNet as a local site. This lets you specify 
additional address space for the local network gateway in order to route traffic. 

References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet- 
resource-manager-portal 

NO.20 Your company has an Azure subscription named Subscriptionl. The company also has two on¬ 
premises servers named Serverl and Server2 that run Windows Server 2016. Serverl is configured as 
a DNS server that has a primary DNS zone named adatum.com. 

Adatum.com contains 1,000 DNS records. 

You manage Serverl and Subscriptionl from Server2. Server2 has the following tools installed: 

The DNS M anager console 
Azure PowerShell 
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Azure CLI 2.0 

You need to move the adatum.com zone to Subscriptionl. The solution must minimize administrative 
effort. 

What should you use? 

A. Azure PowerShell 

B. Azure CLI 

C. the Azure portal 

D. the DNS M anager console 
Answer: B 
Explanation: 

Azure DNS supports importing and exporting zone files by using the Azure command-line interface 
(CLI). 

Zone file import is not currently supported via Azure PowerShell or the Azure portal. 

References: https://docs.microsoft.com/en-us/azure/dns/dns-import-export 


N0.21 You have an Azure subscription that contains the resources in the following table. 


Name 

Type 

Details 

VNetl 

Virtual network 

Not applicable 

Subnetl 

Subnet 

Hosted on VNetl 

VM 1 

Virtual machine 

On Subnetl 

VM2 

Virtual machine 

On Subnetl 


VM 1 and VM 2 are deployed from the same template and host line-of-business applications accessed 
by using Remote Desktop. You configure the network security group (NSG) shown in the exhibit. 
(Click the Exhibit button.) 
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Move 50 Delete 


Resource group (change) 

ProductionRG 

Location 

North Europe 

Subscription (change) 

Production subscription 

Subscription ID 

14d26092-8e42-4ea7-b770-9dcef70fblea 

Tags (change) 

Click here to add tags 

Security rules 

1 inbound, 1 outbound 

Associated with 

0 subnets, 0 network interfaces 

A 



Inbound security rules 






PRIORITY 

NAME 

PORT 

PROTOCOL 

SOURCE 

DESTINATION 

ACTION 

1500 

Port_80 

80 

TCP 

Internet 

Any 

O Deny ... 

65000 

AllowVnetlnBQund 

Any 

Any 

VirtualNetwork 

VirtualNetwork 

© Allow ... 

65001 

AllowAzureLoadBalancerlnBound Any 

Any 

AzureLoadBalancer Any 

© Allow ... 

65500 

DenyAIIBound 

Any 

Any 

Any 

Any 

O Deny ... 

Outbound security rules 






PRIORITY 

NAME 

PORT 

PROTOCOL 

SOURCE 

DESTINATION 

ACTION 

1000 

DenyWebSites 

80 

TCP 

Any 

Internet 

Q Deny ... 

65000 

AllowVnetOutBound 

Any 

Any 

VirtualNetwork 

VirtualNetwork 

O Allow ... 

65001 

Al lowl nte rn eto utB ou n d 

Any 

Any 

Any 

Internet 

© Allow ... 

65500 

DenyAIIOutBound 

Any 

Any 

Any 

Any 

Q Deny ... 


You need to prevent users of VM 1 and VM 2 from accessing websites on the Internet. 

What should you do? 

A. Associate the NSG to Subnet! 

B. Disassociate the NSG from a network interface. 

C. Change the DenyWebSites outbound security rule. 

D. Change the Port_80 inbound security rule. 

Answer: A 

Explanation: 

You can associate or dissociate a network security group from a network interface or subnet. The 
NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it 
with Subnet! 

References: https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security- 
group 

NO.22 You have an Azure subscription that contains the resources in the following table. 
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Name 

Type 

Azure region 

Resource group 

VNetl 

Virtual network 

West US 

RG2 

VNet2 

Virtual network 

West US 

RG1 

VNet3 

Virtual network 

East US 

RG1 

NSG1 

Network security 
group (NSG) 

East US 

RG2 


To which subnets can you apply NSG1? 

A. the subnets on VNet2 only 

B. the subnets on VNetl only 

C. the subnets on VNet2 and VNet3 only 

D. the subnets on VNetl, VNet2, and VNet3 

E. the subnets on VNet3 only 
Answer: E 

Explanation: 

All Azure resources are created in an Azure region and subscription. 

A resource can only be created in a virtual network that exists in the same region and subscription as 
the resource. 

References: https://docs.rnicrosoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan- 
design-arm 
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